CVE-2021-47746

Description

NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations through the emoji upload API. Attackers with admin access can craft file upload requests with directory traversal to overwrite system files by manipulating the file path parameter.

PUBLISHED Reserved 2025-12-31 | Published 2026-01-21 | Updated 2026-01-22 | Assigner VulnCheck

Problem types

External Control of File Name or Path

Product status

Credits

1F98D finder

References

www.exploit-db.com/exploits/49813 (ExploitDB-49813) exploit

nodebb.org/ (Official NodeBB Homepage) product

github.com/NodeBB/nodebb-plugin-emoji (NodeBB Emoji Plugin GitHub Repository) product

www.vulncheck.com/...odebb-plugin-emoji-arbitrary-file-write (VulnCheck Advisory: NodeBB Plugin Emoji 3.2.1 - Arbitrary File Write) third-party-advisory

cve.org (CVE-2021-47746)

nvd.nist.gov (CVE-2021-47746)

Download JSON